caldav-adapter 8.2.9 → 8.2.11

package/common/parse-body.js

@@ -17,6 +17,10 @@ module.exports = async function (ctx) {
   if (ctx.request.type.includes('xml')) {
     try {
       ctx.request.xml = new DOMParser().parseFromString(ctx.request.body);
+      // Ensure we have a valid document, otherwise set to null
+      if (!ctx.request.xml || typeof ctx.request.xml !== 'object') {
+        ctx.request.xml = null;
+      }
     } catch (err) {
       if (ctx.logger) ctx.logger.warn(err);
       else if (ctx?.app?.emit) ctx.app.emit('error', err, ctx);

package/common/xml.js

@@ -21,6 +21,11 @@ module.exports.nsLookup = nsLookup;
 const select = xpath.useNamespaces(namespaces);
 
 function get(path, doc) {
+  // Validate that doc is a proper XML document
+  if (!doc || typeof doc !== 'object') {
+    throw new Error('Invalid XML document: document is null or not an object');
+  }
+
   return select(path, doc);
 }
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "caldav-adapter",
   "description": "CalDAV server for Node.js and Koa. Modernized and maintained for Forward Email.",
-  "version": "8.2.9",
+  "version": "8.2.11",
   "author": "Sanders DeNardi and Forward Email LLC",
   "contributors": [
     "Sanders DeNardi <sedenardi@gmail.com> (http://www.sandersdenardi.com/)",

package/routes/principal/get.js

@@ -0,0 +1,27 @@
+const {
+  build,
+  multistatus,
+  response,
+  status,
+  href,
+  buildTag
+} = require('../../common/x-build');
+
+module.exports = function (_options) {
+  return async function (ctx) {
+    // GET requests to principals should return the current user principal
+    // This is what CalDAV clients expect when they follow redirects from root URL
+
+    const principalInfo = [
+      {
+        [buildTag('DAV:', 'current-user-principal')]: href(
+          ctx.state.principalUrl
+        )
+      }
+    ];
+
+    const resps = response(ctx.url, status[200], principalInfo);
+    const ms = multistatus([resps]);
+    return build(ms);
+  };
+};

package/routes/principal/principal.js

@@ -6,6 +6,7 @@ const {
 } = require('../../common/response');
 const winston = require('../../common/winston');
 const routePropfind = require('./propfind');
+const routeGet = require('./get'); // New GET handler
 const routeMkCalendar = require('./mkcalendar');
 // const routeReport = require('./report');
 
@@ -13,6 +14,7 @@ module.exports = function (options) {
   const log = winston({ ...options, label: 'principal' });
   const methods = {
     propfind: routePropfind(options),
+    get: routeGet(options), // Use proper GET handler instead of reusing PROPFIND
     // report: reportReport(opts)
     //
     // TODO: proppatch
@@ -26,7 +28,7 @@ module.exports = function (options) {
     const method = ctx.method.toLowerCase();
 
     if (method === 'options') {
-      setOptions(ctx, ['OPTIONS', 'PROPFIND']);
+      setOptions(ctx, ['OPTIONS', 'PROPFIND', 'GET']);
       return;
     }
 

package/routes/principal/propfind.js

@@ -11,6 +11,11 @@ const commonTags = require('../../common/tags');
 module.exports = function (options) {
   const tags = commonTags(options);
   return async function (ctx) {
+    // Validate XML document before processing
+    if (!ctx.request.xml) {
+      ctx.throw(400, 'Invalid or missing XML in PROPFIND request');
+    }
+
     const { children } = xml.getWithChildren(
       '/D:propfind/D:prop',
       ctx.request.xml